CrossHair
angr
Our great sponsors
CrossHair | angr | |
---|---|---|
8 | 13 | |
948 | 7,203 | |
- | 1.8% | |
9.2 | 9.7 | |
6 days ago | 6 days ago | |
Python | Python | |
GNU General Public License v3.0 or later | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CrossHair
-
Try CrossHair while working other Python projects
Writing some Python for Hacktoberfest? Try out CrossHair while you do that and get credit for a blog post too! https://github.com/pschanely/CrossHair/issues/173
-
What are some amazing, great python external modules, libraries to explore?
CrossHair, Hypothesis, and Mutmut for advanced testing.
-
Formal Verification Methods in industry
When you say "formal verification methods", what kind of techniques are you interested in? While using interactive theorem provers will most likely not become very widespread, there are plenty of tools that use formal techniques to give more correctness guarantees. These tools might give some guarantees, but do not guarantee complete functional correctness. WireGuard (VPN tunnel) is I think a very interesting application where they verified the protocol. There are also some tools in use, e.g. Mythril and CrossHair, that focus on detecting bugs using symbolic execution. There's also INFER from Facebook/Meta which tries to verify memory safety automatically. The following GitHub repo might also interest you, it lists some companies that use formal methods: practical-fm
-
Klara: Python automatic test generations and static analysis library
The main difference that Klara bring to the table, compared to similar tool like pynguin and Crosshair is that the analysis is entirely static, meaning that no user code will be executed, and you can easily extend the test generation strategy via plugin loading (e.g. the options arg to the Component object returned from function above is not needed for test coverage).
-
Pynguin – Allow developers to generate Python unit tests automatically
Just in case you are looking for an alternative approach: if you write contracts in your code, you might also consider crosshair [1] or icontract-hypothesis [2]. If your function/method does not need any pre-conditions then the the type annotations can be directly used.
(I'm one of the authors of icontract-hypothesis.)
[1] https://github.com/pschanely/CrossHair
[2] https://github.com/mristin/icontract-hypothesis
-
Programming in Z3 by learning to think like a compiler
There's a tool for verification of Python programs based on contracts which uses Z3: https://github.com/pschanely/CrossHair
You can use it as part of your CI or during the development (there's even a neat "watch" mode, akin to auto-correct).
- Diff the behavior of two Python functions
-
Finding Software Bugs Using Symbolic Execution
Looking at some of your SMT-based projects, I'd love to compare your SMT solver notes with my mine from working on https://github.com/pschanely/CrossHair
Sadly, there aren't a lot of resources on how to use SMT solvers well.
angr
-
30 Years of Decompilation and the Unsolved Structuring Problem: Part 1
That's awesome! That's exactly how modern decompilers deal with a special type of goto occurrence. They reduce gotos (or completely eliminate them) by introducing a `while(true)` loop, followed by corresponding `continue` and `breaks`... we all, of course, know that `while(true)` did not exist in the source, but it's a nice hack!
We even do this in the angr decompiler, found here: https://github.com/angr/angr/blob/8e48d001e18a913ecd4ed2e995...
- Ask not what the compiler can do for you
-
The Full Story of Large Language Models and RLHF
One would hope browser and OS vendors would use AI to remediate vulnerabilities but vast majority of software vendors won't ever use it.
Also, automated vulnerability finding is very much real and already used today. This isn't something that has just become viable via LLMs, but I guess LLMs can enhance it:
https://github.com/angr/angr
-
Synthesizing optimal 8051 code with an SMT solver (2020)
Check out angr [1], a symbolic execution engine, and claripy [2], its frontend to SMT solvers like z3.
[1] https://angr.io
[2] https://api.angr.io/claripy.html
-
Any standard algorithms for parsing (disassembling) machine code?
BAP (https://github.com/binaryanalysisplatform/bap), angr (https://angr.io/) and others already do what you're asking for as more purpose-built solutions for dynamic analysis. Angr specifically in python.
-
Can anyone explain to me how to find main function in elf file?
As /u/hkei noted, it's actually quite difficult to do in general, and usually requires some kind of heuristic. For example, see https://github.com/dyninst/dyninst/blob/v12.1.0/dyninstAPI/src/image.C#L476. Full disclosure, I am a Dyninst developer. There is also the python-based angr that might be more amenable to a one-off solution.
-
We are Legitimate Business Syndicate, DEF CON CTF Organizers 2013-2017, Ask Us Anything
I think there's a lot of promise in automation that's been spun off from the CTF community. Angr and Binary Ninja are both very much spinoffs from contest hacking, and are pretty great for helping a skilled hacker find flaws in software.
-
Awesome Penetration Testing
angr - Platform-agnostic binary analysis framework.
-
Programming in Z3 by learning to think like a compiler
angr uses z3.
https://github.com/angr/angr
Supposedly, the DoD has used angr for some use cases.
-
What's a good technology to introduce to my company?
Try using angr to automate bug finding
What are some alternatives?
pynguin - The PYthoN General UnIt Test geNerator is a test-generation tool for Python
qiling - A True Instrumentable Binary Emulation Framework
icontract-hypothesis - Combine contracts and automatic testing.
pwntools - CTF framework and exploit development library
alive2 - Automatic verification of LLVM optimizations
RustScan - 🤖 The Modern Port Scanner 🤖
klee - KLEE Symbolic Execution Engine
frontier-silicon-firmwares - Frontier silicon internet radio firmware binaries
miasm - Reverse engineering framework in Python
bap - Binary Analysis Platform
boofuzz - A fork and successor of the Sulley Fuzzing Framework
BinV - 👓 Yet another binary vulnerbilities checker. An automated vulnerability scanner for ELF based on symbolic execution.